Home    News Archive    Translate Traducen
News February 2008
27 February 2008

Guides, Papers, etc
www.securityfocus.com
The Laws of Full Disclosure. Read more

www.securityfocus.com
A Guide to Different Kinds of Honeypots. Read more

trendmicro.mediaroom.com
Executive Summary Software and Infrastructure Vulnerabilities. Read more

www.avertlabs.com
Windows Mobile trojan sends unauthorized information and leaves device vulnerable. Read more

research.google.com
Google Technical Report provos-2008a. All Your iFRAMEs Point to Us. Read more

www.websense.com
Google’s CAPTCHA busted in recent spammer tactics. Read more

arstechnica.com
Gotcha, CAPTCHA! Gmail bot detector system cracked. Read more

sunbeltblog.blogspot.com
More on FamilyGuyx turning down Zango... Read more

sunbeltblog.blogspot.com
Publisher says no to Zango. Read more

ddanchev.blogspot.com
RBN's Malware Puppets Need Their Master. Read more

ddanchev.blogspot.com
Inside a Botnet's Phishing Activities. Read more

ddanchev.blogspot.com
The Continuing .Gov Blackhat SEO Campaign - Part Two. Read more

technology.newscientist.com
Wireless worms will follow influenza's example. Read more

www.channelregister.co.uk
That Wi-Fi network you thought was secure? it ain't. Read more

www.avertlabs.com
Can I own your wireless network? Read more

www.securityfocus.com
Virus Tricks of the Old School. Read more

www.eweek.com
Pakistan Drops the BGP Bomb. Read more

www.eweek.com
Five-Year Security Review. Read more

blog.spywareguide.com
Don't Take This Program For A Spin. Read more

blogs.msdn.com
The First Step on the Road to More Secure Software is admitting you have a Problem. Read more

isc.sans.org
'Cold boot' - Guidance for users. Read more

isc.sans.org
Another trojan embedded in a MS-Word DOC. Read more

www.thespanner.co.uk
Polymorphic javascript. Read more

 

Vulnerabilities & Exploits

 

Tools:
code.google.com
Creddump - Extracts Credentials from Windows Registry Hives. Read more

w3af.sourceforge.net
w3af - Web Application Attack and Audit Framework. Read more

blog.wired.com
SIM Card Spy Recovers Deleted Messages. Read more

 

News
www.securityfocus.com
Microsoft: Disk crypto not defeated. Read more

www.securityfocus.com
VMWare flaw allows guests to break out. Read more

www.theregister.co.uk
VMware vuln exposes the perils of virtualization. Read more

news.zdnet.co.uk
VMware security bug exposed on eve of VMworld. Read more

www.circleid.com
Pakistan Hijacks YouTube: A Closer Look. Read more

news.bbc.co.uk
Details emerge on YouTube block. Read more

www.computerworld.com
Finjan uncovers database storing more than 8,700 stolen FTP credentials. Read more

www.securityfocus.com
Court case reveals workers regularly snoop. Read more

www.theregister.co.uk
Spammers crack Gmail Captcha. Read more

www.theregister.co.uk
ISP data deal with former 'spyware' boss triggers privacy fears. Read more

www.theregister.co.uk
Scotland Yard careers website defaced. Read more

blog.trendmicro.com
Botnet Gang in Quebec Set to Appear in Court Today. Read more

www.stuff.co.nz
Aussie police nab $1.15m Web scammer. Read more

today.reuters.co.uk
EU fines Microsoft record 899 million euros. Read more

25 February 2008

Guides, Papers, etc
isc.sans.org
Critical VMware security alert for Windows-hosted VMware client versions. Read more

cansecwest.com
CanSecWest Vancouver 2008. Read more

www.infoworld.com
Adobe melds desktop, Web apps with AIR. Read more

blog.spywareguide.com
HTBomber: A Botnet With Infinite Ringmasters. Read more

blog.trendmicro.com
Plone Sex, Anyone? Read more

blogs.technet.com
Not safe = not dangerous? How to tell if ActiveX vulnerabilities are exploitable in Internet Explorer. Read more

www.darkreading.com
'Gecko' Penetrates Building Access Systems. Read more

www.darkreading.com
At Del Monte, New Apps Open a Can of Worms for Remote Access. Read more

www.darkreading.com
Revisiting Black Hat. Read more

www.esecurityplanet.com
Black Hat: Dtrace a Rootkit? Read more

www.trusteer.com
OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability. Read more

blogs.msdn.com
Disk encryption: Balancing security, usability and risk assessment. Read more

www.gamecritics.com
Study: Players feel relief when killed in violent games. Read more

www.infoworld.com
Computer security's dubious future. Read more

securityincite.com
2008 DOI: Day 5 - Night of the Internet Dead. Read more

www.builderau.com.au
Video. Schneier: Bad news is good news, not so for security. Read more

 

Vulnerabilities & Exploits
kb.vmware.com
Critical VMware Security Alert for Windows-Hosted VMware Workstation, VMware Player, and VMware ACE. Read more

securitytracker.com
VMware Shared Folder Bug Lets Local Users on the Guest OS Gain Elevated Privileges on the Host OS. Read more

securitytracker.com
Opera BMP Handling Bug Lets Remote Users Access Portions of Kernel Memory. Read more

securitytracker.com
Mozilla Firefox BMP Handling Bug Lets Remote Users Access Portions of Kernel Memory. Read more

 

Tools:
www.honeynet.org.pt
- HoneyMole 2.0.2 released. Read more

sqlninja.sourceforge.net
SQLninja - SQL Injection Toolkit. Read more

sqid.rubyforge.org
SQID - SQL Injection Digger. Read more

 

News
www.computerworld.com
Critical VMware bug lets attackers zap 'real' Windows. Read more

www.techworld.com
Microsoft to clamp down on Vista cracks. Read more

www.sfgate.com
Enzyte Maker Found Guilty of Fraud. Read more

www.theregister.co.uk
Linkin Park cyber-stalker sent to jail. Read more

www.theage.com.au
Cult of the Dead Cow offers tool to help hackers. Read more

www.vnunet.com
Microsoft posts Vista SP1 blacklist. Read more

www.computerworld.com
Constant patch releases force IT to adopt new processes. Read more

www.smh.com.au
Police unveil $1 million internet scam. Read more

www.normantranscript.com
Judge says TV station hired hackers to steal her e-mail. Read more

www.vnunet.com
Major Canadian hacker ring cracked. Read more

22 February 2008

Guides, Papers, etc
isc.sans.org
In memory of hard disk encryption? Read more

isc.sans.org
A little web mystery. Read more

ddanchev.blogspot.com
Malware Infected Hosts as Stepping Stones. Read more

ddanchev.blogspot.com
Localizing Cybercrime - Cultural Diversity on Demand. Read more

ddanchev.blogspot.com
Malicious Advertising (Malvertising) Increasing. Read more

ddanchev.blogspot.com
Uncovering a MSN Social Engineering Scam. Read more

ddanchev.blogspot.com
The FirePack Web Malware Exploitation Kit. Read more

msmvps.com
Malicious advertisement on MySpace.com. Read more

www.f-secure.com
Canada eh? Read more

www.f-secure.com
More Finnish Spam. Read more

www.symantec.com
You’re Under Investigation! Read more

sunbeltblog.blogspot.com
The hoax that just won't die. Read more

sunbeltblog.blogspot.com
Nautica Apparel website hacked. Read more

blog.trendmicro.com
Dark Shadows Lurk After Lunar Eclipse. Read more

blog.trendmicro.com
A Growing SoPHISHtication. Read more

blog.trendmicro.com
Bank Of America Phishing source from Korea. Read more

www.darkreading.com
'Live' VMs at Risk While in Transit. Read more

www.darkreading.com
Feds Wrestle With Security Threats. Read more

www.darkreading.com
There She Is, Miss Identify. Read more

www.darkreading.com
The Social Engineer's Toolbox. Read more

www.darkreading.com
Best Practices & Practicalities. Read more

citp.princeton.edu.nyud.net
Lest We Remember: Cold Boot Attacks on Encryption Keys. Read more

www2.csoonline.com
Famous for Fifteen Minutes: A History of Hacking Culture. Read more

www-static.cc.gatech.edu
BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. Read more

www.podtrac.com
Audio. Security Now 132: Listener Feedback 35. Listen

 

Vulnerabilities & Exploits
www.darkreading.com
Mu Discovers Vulnerabilities in MPlayer. Read more

www.securiteam.co
Windows Message Queuing Service RPC (MS07-065, Exploit). Read more

 

Tools:
missidentify.sourceforge.net
Miss Identify is a program to find Win32 applications. In its default mode it displays the filename of any executable that does not have an executable extension. Read more

 

News
www.nytimes.com
Bill Gates: Internet Censorship Won’t Work. Read more

www.vnunet.com
DRAM crack breaks encryption software. Read more

www.cbc.ca
International hacking network busted, Quebec police say. Read more

www.securityfocus.com
E-mail typosquatting poses leakage threat. Read more

www.securityfocus.com
IRS taxed by phishing attacks. Read more

www.nationalpost.com
Quebec police bust alleged hacker ring. Read more

www.theregister.co.uk
Microsoft opens APIs and protocols to all. Read more

www.casinocitytimes.com
Online gaming sites attacked by botnets. Read more

www.theregister.co.uk
Malware writers think global, act local. Read more

www.smh.com.au
Rogue DNS servers a growing threat. Read more

www.smh.com.au
Porn studio wants Google, Yahoo to help protect kids. Read more

www.sophos.com
Voice phishers cash in on genuine warning with cloned switchboard. Read more

news.softpedia.com
Hackers Now Hiring Hackers. Read more

www.forbes.com
Wiretapping Made Easy. Read more

20 February 2008

Guides, Papers, etc
commons.globalintegrity.org
Internet Censorship: A Comparative Study. Read more

www.computerworld.com
Row highlights Internet censorship in Finland. Read more

www.upi.com
Analysis: Terrorist use of the Internet. Read more

sunbeltblog.blogspot.com
Incredible -- C-NetMedia still continues its grossly deceptive practices. Read more

rbnexploit.blogspot.com
Extortion and Denial of Service (DDOS) Attacks. Read more

www.securityfocus.com
Worries over "good worms" rise again. Read more

www.computerworld.com
Russian hosting network running a protection racket, researcher says. Read more

sunbeltblog.blogspot.com
New tool for analyzing potentially malicious swf files. Read more

pentaphase.de
SWF in a nutshell and the malware tragedy. Read more

www.f-secure.com
Mikkeli Spam Links to ZBot Malware. Read more

www.f-secure.com
Paid for Receiving Bank Transfers. Read more

www.f-secure.com
Campus Party. Read more

isc.sans.org
Update mechanisms in utility software. Read more

isc.sans.org
MS Vista - Windows Update Issue. Read more

ddanchev.blogspot.com
The Continuing .Gov Blackat SEO Campaign. Read more

ddanchev.blogspot.com
Serving Malware Through Advertising Networks. Read more

anti-virus-rants.blogspot.com
when all you have is a hammer, everything looks like a nail. Read more

blogs.securiteam.com
IPv6 and location based tracking. Read more

www.darkreading.com
Free Web Filtering Service Taps User Input. Read more

www.informationweek.com
Malware: One Victim's Story. Read more

www.upi.com
'Internet predator' stereotypes debunked. Read moe

blog.spywareguide.com
World of Warcraft Players: Beware Fake Beta Test Invites! Read more

www.makeuseof.com
Are you Sure your Email isn’t being Hacked?. Read more

dvlabs.tippingpoint.com
PHP File Include Attacks (Part 1 of 4). Read more

dvlabs.tippingpoint.com
PHP File Include Attacks (Part 2 of 4). Read more

dvlabs.tippingpoint.com
PHP File Include Attacks (Part 3 of 4). Read more

 

Tools:
news.bbc.co.uk
Brain control headset for gamers. Read more

 

News
www.theregister.co.uk
Hacker holds onto ill-gotten gains thanks to US courts. Read more

www.usatoday.com
China censures Baidu.com. Read more

www.darkreading.com
Harvard Site Hacked, Posted to BitTorrent. Read more

www.theregister.co.uk
Japan brings down Godzilla of spam. Read more

www.theregister.co.uk
Spain cuffs Wi-Fi leeching lottery scammers. Read more

www.vnunet.com
Hackers step up website attacks. Read more

news.bbc.co.uk
'Hacker' launches iTunes copying. Read more

realitybasedcommunity.net
Scientology abuses eBay's VeRO program to practice religious, price discrimination. Read more

www.chron.com
Anti-American rant takes over Dallas police Web site. Read more

www.theregister.co.uk
Redmond puts key Vista update on ice. Read more

18 February 2008

Guides, Papers, etc
www.stopbadware.org
StopBadware Report - RealPlayer (v10.5, v11). Read more

isc.sans.org
IT Security in the SMB - Follow-up. Read more

www.avertlabs.com
When Is Stealing Not Theft? Read more

ddanchev.blogspot.com
Geolocating Malicious ISPs. Read more

ddanchev.blogspot.com
Massive Blackhat SEO Targeting Blogspot. Read more

ddanchev.blogspot.com
Malware Embedded Link at Pod-Planet. Read more

www.darkreading.com
Botnet Hunters Reveal New Spin on Old Tricks. Read more

www.darkreading.com
Tech Insight: Analyze This Malware. Read more

www.darkreading.com
Disclosure Prevention. Read more

www.zdnet.com.au
Buying security products is often a waste of money. Read more

www.f-secure.com
Campus Party. Read more

www.technewsworld.com
Inside Firefox 3's Latest Beta Update, Part 1. Read more

www.pcworld.com
'Undercover' Security Tool Could Replace Passwords. Read more

www.korelogic.com
Burying Your Head in the SandNet. Sandnets in the Forensic Process. Read more

 

Vulnerabilities & Exploits
www.securiteam.com
Firefox and Opera Memory Information Leak. Read more

 

News
www.infoworld.com
Bug-finder gets no credit from Microsoft. Read more

www.theinquirer.ne
Microsoft tries to blot hacker out of history books. Read more

blogs.zdnet.com
Exploit code surfaces for Microsoft Works, QuickTime. Read more

computerworld.co.nz
Hackers spread malware with 'Hilary Clinton' spam. Read more

www.smh.com.au
Microsoft wants to worm its way into your PC. Read more

news.bbc.co.uk
Machines 'to match man by 2029'. Read more

15 February 2008

Guides, Papers, etc
www.benedelman.org
Critiquing C-NetMedia's Anti-Spyware Offerings and Advertising Practices. Read more

www.theregister.co.uk
Web browsers on the front line of exploitation. Read more

technology.newscientist.com
Friendly 'worms' could spread software fixes. Read more

www.securityfocus.com
Tweaking Social Security to Combat Fraud. Read more

www.f-secure.com
Video - Rogue Spotting. Read more

www.f-secure.com
Up, Up and Away. Read more

isc.sans.org
Tools for updating third-party software. Read more

sunbeltblog.blogspot.com
Dangerous new fake American Greetings spam. Read more

sunbeltblog.blogspot.com
Topical emails continue with rootkit-pushing trojan. Read more

sunbeltblog.blogspot.com
One more attack on the privacy and freedoms of Americans. Read more

sunbeltblog.blogspot.com
Sick malware for sick minds. Read more

www.sophos.com
Zango the Time-shifters. Read more

ddanchev.blogspot.com
Statistics from a Malware Embedded Attack. Read more

ddanchev.blogspot.com
Statistics from a Malware Embedded Attack. Read more

ddanchev.blogspot.com
Visualizing a SEO Links Farm. Read more

ddanchev.blogspot.com
The New Media Malware Gang - Part Three. Read more

ddanchev.blogspot.com
Anti-Malware Vendor's Site Serving Malware. Read more

ddanchev.blogspot.com
BlackEnergy DDoS Bot Web Based C&Cs. Read more

www.darkreading.com
DHS Project Creates New Malware Capture Technique. Read more

www.darkreading.com
Report: Zero-Days Are Now Attackers' Second Choice. Read more

www.darkreading.com
Ten Myths About Identity Fraud. Read more

www.darkreading.com
Protecting Yourself From the Border Patrol. Read more

www.darkreading.com
Weapons of Mass Redirection. Read more

www.darkreading.com
The Truth Behind Code Analysis. Read more

www.popsci.com
The Anonymity Experiment. Read more

www.out-law.com
Bank scammers scammed, says security researcher. Read more

www.eweek.com
The Futility of IPv4 Address Recycling. Read more

blogs.securiteam.com
Q: Restricted user rights and vulnerabilities. Read more

www.theregister.co.uk
MayDay! MayDay! Ruskies reinvent cyber crime. Read more

www.itrportal.com
Tier-3 says new trend in banner ad infection Trojans can be beaten. Read more

www.cnet.com
Enable Vista's hidden administrator, and password-protect its XP equivalent. Read more

www.podtrac.com
Audio. Security Now 131: Free CompuSec. Listen

 

Vulnerabilities & Exploits
securitytracker.com
Microsoft Internet Explorer Buffer Overflow in Fox Pro ActiveX Control Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Internet Explorer Argument Validation Flaw in 'dxtmsft.dll' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Internet Explorer Property Method Processing Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Internet Explorer HTML Layout Rendering Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Internet Information Services Error in Processing ASP Page Input Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Works/Microsoft Office Bug in Processing '.wps' Field Length Values Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Works/Microsoft Office Bug in Processing '.wps' Header Index Table Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Works/Microsoft Office Bug in Processing '.wps' File Section Length Headers Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Office Publisher Memory Corruption Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Office Publisher Invalid Memory Reference Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Office Object Processing Flaw Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Microsoft Word Memory Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Windows Heap Overflow in Object Linking and Embedding (OLE) Automation Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Windows WebDAV Mini-Redirector Response Handling Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
F-Secure Anti-Virus May Fail to Scan Certain CAB and RAR Archives. Read more

securitytracker.com
F-Secure Internet Gatekeeper May Fail to Scan Certain CAB and RAR Archives. Read more

securitytracker.com
F-Secure Internet Security May Fail to Scan Certain CAB and RAR Archives. Read more

securitytracker.com
Clam AntiVirus Integer Overflow in Processing PE Files Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Cisco Unified IP Phone Buffer Overflow in Telnet Server Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Cisco Unified IP Phone Buffer Overflow in Parsing MIME Encoded SIP Messages Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Cisco Unified IP Phone Buffer Overflow in Parsing DNS Responses Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Java Web Start Bugs Let Remote Users Rename/Copy Files on the Target User's System. Read more

securitytracker.com
FreeBSD sendfile() Discloses Write-only File Contents to Local Users. Read more

 

News
www.securityfocus.com
Microsoft patches severe IE browser flaws. Read more

www.securityfocus.com
Fraudsters look for a little love. Read more

www.computerweekly.com
Storm Worm is basis for most cyber attacks, says IBM. Read more

www.theregister.co.uk
Eugene Kaspersky and the KGB man that never was. Read more

arstechnica.com
More rogue DNS servers serving up poisonous content. Read more

www.theregister.co.uk
Major Linux security glitch lets hackers in at Claranet. Read more

www.theregister.co.uk
Students win appeal against cyberjihad convictions. Read more

www.yorkregion.com
Computer encryption slowing child porn probe. Read more

www.vnunet.com
Storm clouds Valentine's Day inboxes. Read more

www.vnunet.com
Users tricked by promise of celebrity porn. Read more

12 February 2008

Guides, Papers, etc
www.eweek.com
The Anti-Malware Industry Tries to Save Itself. Read more

www.darkreading.com
DNS Inventor Warns of Next Big Threat. Read more

www.daniweb.com/
RealPlayer users held to ransom. Read more

sunbeltblog.blogspot.com
Legitimate security companies advertised through malware. Read more

sunbeltblog.blogspot.com
Spam pushing Vista SP1 Crackz. Read more

www.infoworld.com
Computer security: Why have least privilege? Read more

blogs.securiteam.com
Password: Impossible. Read more

www.pcw.co.uk
OFT highlights scammers tricks. Read more

community.zdnet.co.uk
Botnet more dangerous than Storm? Read more

www.f-secure.com
Storm Has Sent Their Cupids. Read more

www.f-secure.com
ITsecurityEvents.com. Read more

www.avertlabs.com
Another Adobe PDF Exploit in the Wild. Read more

isc.sans.org
Apple security update 2008-001 and 10.5.2 upgrade. Read more

isc.sans.org
Linux Kernel Vulnerability ... 2.6.24.1 and prior. Read more

isc.sans.org
ActiveX FAQ. Read more

isc.sans.org
MSN Messenger Trojan. Read more

isc.sans.org
Adobe Reader exploit in the wild. Read more

ddanchev.blogspot.com
GCHQing with the Honeynet Project. Read more

www.darkreading.com
Keyloggers Aren't Viruses... Are They? Read more

www.0x000000.com
Browsing The Browser. Read more

www.oooninja.com
Is Microsoft Office Adware? Read more

www.darkreading.com
The Coolest Hacks of 2007 - Part II. Read more

www.darkreading.com
Antivirus Inventor: Security Departments Are Wasting Their Time. Read more

security.itworld.com
Encryption could make you more vulnerable, warn experts. Read more

www.nytimes.com
How Sticky Is Membership on Facebook? Just Try Breaking Free. Read more

 

Vulnerabilities & Exploits
www.0x000000.com
Firefox Vulnerable By Default. Read more

 

Tools:
isc.sans.org
Update - Tools for the Home User. Read more

 

News
www.theregister.co.uk
Firefox updates, blitzes trio of critical bugs. Read more

www.theaustralian.news.com.au
Anti-Scientology protests staged. Read more

abcnews.go.com
Church Calls Protesters 'Cyber Terrorists'. Read more

www.efluxmedia.com
Protesters Warn: Scientology - A ‘Money-Making Scheme’. Read more

www.pcw.co.uk
Storm worm 'making millions a day'. Read more

news.smh.com.au
Spanish police detain 76 in major Internet fraud probe. Read more

news.ninemsn.com.au
Enforcing the law against online fraud. Read more

www.theregister.co.uk
UK teen is world's youngest certified ethical hacker (maybe). Read more

www.sfgate.com/
Hans Reiser Trial. Read more

techdirt.com
Danish Block Of The Pirate Bay Leads To Even More Traffic. Read more

www.networkworld.com
Powerful new antiphishing weapon DKIM emerges. Read more

www.earthtimes.org
Internet contacts increase paedophilia, Spanish experts say - Feature. Read more

09 February 2008

Guides, Papers, etc
www.guardian.co.uk
Behind the Great Firewall. Read more

www.microsoft.com
Microsoft Security Bulletin Advance Notification for February 2008. Read more

www.f-secure.com
ITsecurityEvents.com. Read more

isc.sans.org
Adobe Reader exploit in the wild. Read more

isc.sans.org
Multiple vulnerabilities in commonly used client software. Read more

isc.sans.org
Firefox 2.0.0.12 is out. Read more

www.symantec.com
The Flow of MBR Rootkit Trojan Resumes. Read more

www.darkreading.com
The Coolest Hacks of 2007 - Part II. Read more

www.darkreading.com
Antivirus Inventor: Security Departments Are Wasting Their Time. Read more

www.darkreading.com
Rethinking Security. Read more

www.informationweek.com
ComScore Says 'Researchware' Isn't 'Spyware'. Read more

news.bbc.co.uk
Staying safe without anti-virus. Read more

community.zdnet.co.uk
Botnet more dangerous than Storm? Read more

www.cnet.com
Is Linus Torvalds even speaking for Linux anymore? Read more

www.techworld.com
Encryption could make you more vulnerable, warn experts. Read more

www.andrew.cmu.edu
Undercover: Authentication Usable in Front of Prying Eyes. Read more

www.esecurityplanet.com
Two-Factor Authentication, Get Used to It. Read more

www.realtime-itcompliance.com
Two Types Of Young Hackers. Read more

howto.wired.com
Run a Traceroute. Read more

blogs.technet.com
The Kill-Bit FAQ: Part 1 of 3. Read more

blogs.technet.com
The Kill-Bit FAQ: Part 2 of 3. Read more

blogs.technet.com
The Kill-Bit FAQ: Part 3 of 3. Read more

aolradio.podcast.aol.com
Audio. Security Now 130: Listener Feedback 34. Listen

 

Vulnerabilities & Exploits
securitytracker.com
Symantec Ghost Solution Suite Authentication Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Adobe Reader Stack Overflow and Other Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Mozilla Firefox Lets Remote Users Obscure Web Forgery Dialog Warnings. Read more

securitytracker.com
Mozilla Firefox Stylesheet Processing Bug May Let Remote Users Obtain URL Parameters. Read more

securitytracker.com
Mozilla Firefox Lets Remote Users Prevent the Browser From Opening Local Plain Text Files in Certain Cases. Read more

securitytracker.com
Mozilla Firefox Lets Remote Users Tamper with Security Dialogs. Read more

securitytracker.com
Mozilla Firefox Lets Remote Web Sites Corrupt the Password Store in Certain Cases. Read more

securitytracker.com
Mozilla Firefox Lets Remote Users Steal the Focus to Obtain Keystrokes. Read more

securitytracker.com
Mozilla Firefox chrome: URI Directory Traversal Bug Lets Remote Users Load Local Files. Read more

securitytracker.com
Mozilla Firefox designMode Frames May Let Remote Users Obtain Information and Potentially Execute Arbitrary Code. Read more

securitytracker.com
Mozilla Firefox JavaScript Bugs Let Remote Users Conduct Cross-Site Scripting Attacks and Execute Arbitrary Code. Read more

securitytracker.com
HP Select Identity Lets Remote Authenticated Users Gain Access. Read more

securitytracker.com
Mozilla Firefox Bugs in JavaScript Engine Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Mozilla Firefox Bugs in Browser Engine Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
IBM DB2 Alternate Path Bug Lets Local Users Gain Root Privileges. Read more

securitytracker.com
IBM DB2 Universal Database Administration Server Memory Corruption Error Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Check Point VPN-1 SecuRemote/SecureClient Auto Local Logon Feature Lets Local Users Authenticate as Other Users. Read more

securitytracker.com
WordPress XML-RPC Bug Lets Remote Users Edit Arbitrary Posts. Read more

securitytracker.com
IBM WebSphere Edge Server Input Validation Hole in CGI Mapping Error Page Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
KAME IPv6 Stack Can Be Crashed By Remote Users Sending an IPv6 Packet Containing an IPComp Header. Read more

securitytracker.com
Symantec Altiris Notification Server Lets Local Users Gain Elevated Privileges. Read more

securitytracker.com
HP Storage Essentials Storage Resource Management Software Grants Remote Users Access to Managed Devices. Read more

securitytracker.com
HP Virtual Rooms Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Tcl/Tk Buffer Overflow in Processing GIF Files Lets Users Execute Arbitrary Code. Read more

securitytracker.com
Java Runtime Environment Lets Remote Applets and Applications Gain Elevated Privileges. Read more

 

Tools:
sunbeltblog.blogspot.com
Nifty new tool from ESET. Read more

www.avertlabs.com
FAR Manager goes open source. Read more

 

News
www.theregister.co.uk
FBI sought approval to use spyware against terror suspects. Read more

www.securityfocus.com
Mozilla plugs critical flaws with Firefox patch. Read more

www.securityfocus.com
Apple, Adobe patch application flaws. Read more

www.theregister.co.uk
Hackers seed malware on Indian anti-virus site. Read more

news.bbc.co.uk
Malicious programs hit new high. Read more

www.snpx.com
Complex attack targets Better Business Bureau. Read more

www.vnunet.com
Microsoft preps seven 'critical' fixes. Read more

www.theregister.co.uk
Automated crack for Windows Live captcha goes wild. Read more

news.cnet.co.uk
Hackers to test OS vulnerability. Read more

www.zdnet.co.uk
Windows without IE? What about Windows "N"? Read more

techdirt.com
Chinese Professor Suing Google And Yahoo For Making Him Disappear From Chinese Search. Read more

www.computerworld.com
Updated encryption tool for al-Qaeda backers improves on first version, researcher says. Read more

www.auscert.org.au
Targeted phishing attacks directed towards Australian universities. Read more

06 February 2008

Guides, Papers, etc
blogs.technet.com
Inside Vista SP1 File Copy Improvements. Read more

www.f-secure.com
Spotted in the wild: Rogue Microsoft Update site. Read more

www.f-secure.com
Viagra Shop Busted in Sweden. Read more

sunbeltblog.blogspot.com
Malicious banner ads on the web. Read more

sunbeltblog.blogspot.com
Zango defends Snopes. Read more

sunbeltblog.blogspot.com
The Antispyware Coalition Public Workshop. Read more

www.avertlabs.com
Yet another Yahoo zero-day attack hits the Web. Read more

msmvps.com
Internet Explorer is NOT to blame for the Flash advertisement problem !! Read more

msmvps.com
Malicious advertisement identified - friendsreunited, genesreunited. Read more

www.darkreading.com
New Authentication Scheme Combats Keyloggers, Shoulder-Hacking. Read more

anti-virus-rants.blogspot.com
samples, variants, and signatures - oh my. Read more

anti-virus-rants.blogspot.com
what is packed malware? Read more

www.theregister.co.uk
Turning a Nokia phone into a hotspot. Read more

isc.sans.org
When security improvements backfire. Read more

isc.sans.org
Correction - Yahoo! Data Grid CLSID. Read more

isc.sans.org
GUI Killbit App Available (UPDATE: CLI version too!). Read more

www.disog.org
Botnet Distributed Command and Control. (DC&C). Read more

www.disog.org
Researching your own botnets. Read more

www.disog.org
Infiltrator Botnet Monitor Read more

economictimes.indiatimes.com
Virtual keyboards keep online hackers at bay. Read more

www.technewsworld.com
The Cost of ID Theft, Part 1: Beyond Dollars and Cents. Read more

www.technewsworld.com
The Cost of ID Theft, Part 2: Fixing the System. Read more

dvlabs.tippingpoint.com
PHP File Include Attacks (Part 1 of 4). Read more

 

Vulnerabilities & Exploits
securitytracker.com
iPhoto Photocast Format String Bug Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
HP OpenView Network Node Manager Bug Lets Remote Users Deny Service. Read more

securitytracker.com
EMC Documentum 'dmclTrace.jsp' Bug Lets Remote Users Upload Arbitrary Files and Execute Arbitrary Code. Read more

securitytracker.com
Novell Modular Authentication Service Challenge Response Client Discloses Clipboard Contents to Local Users. Read more

securitytracker.com
Symantec BackupExec System Recovery Manager Lets Remote Users Upload Arbitrary Files and Execute Arbitrary Code. Read more

securitytracker.com
GroupWise Input Validation Hole in 'webacc' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
Yahoo Music Jukebox Buffer Overflow in AddImage() Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
SAPlpd Memory Corruption Bugs Let Remote Users Execute Arbitrary Code. Read more

securitytracker.com
MPlayer Pointer Dereference in 'demux_mov.c' Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Aurigma Image Uploader Buffer Overflows in ExtractExif() and ExtractIptc() Functions Let Remote Users Execute Arbitrary Code. Read more

 

Tools:
www.truecrypt.org
TrueCrypt 5.0 released. Read more

 

News
www.securityfocus.com
Antivirus firms, testers form standards group. Read more

www.latimes.com
Scientology feud with its critics takes to Internet. Read more

www.theregister.co.uk
Skype squishes cross-zone scripting bug. Read more

www.vnunet.com
Christian hackers attack MySpace page. Read more

www.vnunet.com
Attackers gun for new ActiveX flaws. Read more

www.cutimes.com
'Extreme Hacker' Contest at NAFCU Security Confab. Read more

www.theregister.co.uk
More remote workers squatting next door's broadband. Read more

www.computeractive.co.uk
IM and chatrooms worst for sexual harassment. Read more

04 February 2008

Guides, Papers, etc
www.nytimes.com
Great Firewall of China Faces Online Rebels. Read more

blogs.securiteam.com
How much does it cost to break into SmugMug.com? Read more

www.f-secure.com
Website Partnership Enquiry. Read more

isc.sans.org
Spot Checking Websites using Google Alerts. Read more

isc.sans.org
IT Security in the SMB - Call for input. Read more

sunbeltblog.blogspot.com
Zango defends Snopes. Read more

antispywarecoalition.org
Spyware: What's Worked, What's Left, and What's Coming. Read more

www.cisrt.org
Valentine Day. Read more

www.cisrt.org
Video of Paris Hilton? Read more

ophir.wordpress.com
Privacy, Security and Elastic Computing. Read more

blog.iantivirus.com
Pay-Per-Install A Malware Retail Business. Read more

www.darkreading.com
Tech Insight: The Buzz Around Fuzzing. Read more

www.darkreading.com
Email Authentication Reaches 'Tipping Point'. Read more

www.wired.com/
alt.scientology.war. Read more

www.uninformed.org
Uninformed vol 9. Read more

www.technewsworld.com
Malware Purveyors Had Banner Year in '07. Read more

 

Vulnerabilities & Exploits
securitytracker.com
UltraVNC vncviewer Stack Overflow Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Java Runtime Environment (JRE) XML External Entity Property Lets Remote Users Access URL Resources. Read more

securitytracker.com
Linux Kernel VFS Lets Local Users Trucate Directories. Read more

 

News
blog.wired.com
Afghan Student Sentenced to Death After Downloading Report. Read more

www.washingtonpost.com
Bush Order Expands Network Monitoring. Read more

www.securityfocus.com
Universities fend off phishing attacks. Read more

www.theregister.co.uk
Gov. war gamers hack servers to stay ahead. Read more

www.guardian.co.uk
Hackers declare war on Scientologists amid claims of heavy-handed Cruise control. Read more

www.pcworld.idg.com.au
Storm worm dethroned by sex botnet. Read more

computerworld.co.nz
US site offers encryption tool for al-Qaeda backers. Read more

www.pcpro.co.uk
Kaspersky decries Russian hacker "propaganda" . Read more

www.techworld.com
Start-up looks to head off botnets. Read more

www.computerworld.com
Corporate IT warms up to online backup services. Read more

www.theregister.co.uk
SkypeFinds another security snafu. Read more

www.theregister.co.uk
419 scammers plead guilty in US. Read more

01 February 2008

Guides, Papers, etc
www.securityfocus.com
Skills for the Future. Read more

www.gcn.com
The world of spyware evolves. Read more

isc.sans.org
Universities in the US being targeted in a Spear Phising attack. Read more

ddanchev.blogspot.com
The Shark3 Malware is in the Wild. Read more

www.darkreading.com
Spyware Threat Isn't Dead, Experts Say. Read more

www.darkreading.com
Startup Aims for Meatier Signatures. Read more

www.darkreading.com
Stopping Google Blog Spam. Read more

www.stopbadware.org
RealPlayer 10.5 is badware. Read more

www2.csoonline.com
Social Networking Tips From Security Pros. Read more

www.securitypronews.com
Unbloating Vista Could Be Security Risk. Read more

aolradio.podcast.aol.com
Audio. Security Now 129: Windows SteadyState. Listen

zeroq.kulando.de
A short visit to worm Locksky. Read more

zeroq.kulando.de
A short visit to Perl IRC Bot. Read more

 

Vulnerabilities & Exploits
securitytracker.com
OpenBGPD Input Validation Hole in 'bgplg' Permits Cross-Site Scripting Attacks. Read more

securitytracker.com
SwiftView Buffer Overflow in ActiveX Control and Plug-in Lets Remote Users Execute Arbitrary Code. Read more

securitytracker.com
Coppermine Photo Gallery Input Validation Flaw in 'imageObjectIM' Lets Remote Users Execute Arbitrary Commands. Read more

securitytracker.com
Coppermine Photo Gallery Bugs Permit Cross-Site Scripting and SQL Injection Attacks. Read more

securitytracker.com
Xdg-Utils Input Validation Flaws Let Remote Users Execute Arbitrary Commands. Read more

 

Tools:
zero.ram.rwth-aachen.de
Amun: Python Honeypot. Read more

zeroq.kulando.de
Infiltrator script for quick and dirty botnet monitoring. Read more

 

News
www.darknet.org.uk
German Police Creating Law Enforcement Trojan. Read more

www.theregister.co.uk/
Spyware another weapon for domestic abuse. Read more

www.computerworlduk.com
Microsoft beefs up security APIs for Vista, XP. Read more

www.nbc11.com
IRC Hackers Set Date For Anti-Scientology Protests. Read more

www.sfgate.com
Hackers target Church of Scientology with protests. Read more

www.itnews.com.au
Mega-D botnet stronger than Storm, promotes male sexual pills. Read more

www.infoworld.com
Phishers use DNS tricks to direct users to bad sites. Read more

www.thelocal.se
Police thwart remote-control bank heist. Read more

www.theregister.co.uk
Russian FSB 'protecting' Storm Worm gang. Read more

www.usdoj.gov
Three Defendants Plead Guilty in "Advance-Fee" Fraud Scheme. Read more

www.computeractive.co.uk
Help for victims of cyber-crime. Read more


Copyright© MegaSecurity.org